SharePoint 2013 and ADFS 2.0 Test with Claims Viewer Web Part

Overview

When using SAML claims through ADFS 2.0, it’s useful to have a way to validate which claims are being returned. We came across a web part that leverages a “TokenVisualizer” control and provides an easy way to view the contents of the SAML token. This is based on a blog post by Liam Cleary, so be sure to visit it for additional details.

This article is part of a larger series that chronicles our efforts to implement SharePoint 2013 using ADFS and an identity provider.

Install

The following steps deploy the solution, which will automatically be activated at the farm level.

  1. Download the WSP file from http://blog.helloitsliam.com/Presentations/Helloitsliam.ClaimsViewerWebPart.wsp
  2. Copy the solution file to one of the servers in the SharePoint farm.
  3. Log on to the server where the WSP file is located
  4. Launch the “SharePoint 2013 Management Shell”
  5. Navigate to the location of the WSP file (D:\Software\CodePlex\ClaimsViewer\ in this example)
  6. Execute the following command
    • Add-SPSolution -LiteralPath "D:\Software\CodePlex\ClaimsViewer\Helloitsliam.ClaimsViewerWebPart.wsp"
  7. Verify that the solution was deployed by running the “Get-SPSolution” cmdlet. The “Deployed” column should read “True” once “helloitsliam.claimsviewerwebpart.wsp” is deployed.
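
An added example (not from the original post or from the web part's author) that wraps steps 5 to 7 in a script and refuses to add the WSP unless its SHA-256 matches a value you recorded for the copy you reviewed, since the file is downloaded over plain HTTP and installed farm-wide. The $ExpectedSha256 value is a placeholder and Get-Sha256Hex is a hypothetical helper; the original post publishes no hash.

```powershell
# Added example: integrity check followed by steps 5-7. Not from the original post.
$WspPath = 'D:\Software\CodePlex\ClaimsViewer\Helloitsliam.ClaimsViewerWebPart.wsp'

# Placeholder (assumption): the SHA-256 you recorded for the copy of the WSP
# that you reviewed. Replace it before running; the post does not publish one.
$ExpectedSha256 = '<sha256-of-reviewed-wsp>'

# Hypothetical helper: hashes a file with .NET directly, so it does not
# depend on Get-FileHash being available in the management shell.
function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLowerInvariant()
    }
    finally {
        $stream.Dispose()
        $sha.Dispose()
    }
}

# Stop before anything touches the farm if the file is not the reviewed one.
$actual = Get-Sha256Hex -Path $WspPath
if ($actual -ne $ExpectedSha256.ToLowerInvariant()) {
    throw "Hash mismatch for $WspPath (got $actual); not adding it to the farm."
}

# Load the SharePoint cmdlets when run outside the SharePoint 2013 Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Step 6: add the solution to the farm solution store.
$added = Add-SPSolution -LiteralPath $WspPath

# Step 7: re-read the solution and show its deployment state.
$solution = Get-SPSolution -Identity $added.Name
$solution | Format-Table Name, Deployed, DeployedServers -AutoSize

if (-not $solution.Deployed) {
    $msg = '{0} is in the farm solution store but Deployed is False; ' +
           'Install-SPSolution is the cmdlet that deploys a stored solution.'
    Write-Warning ($msg -f $solution.Name)
}
```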

Activate Feature

Each site in the “Portal” web application will have a Site Collection Feature called “ClaimsViewerWebPartFeature1” that will need to be activated before the web part will be available.

  1. Navigate to a site that you want to place the claims viewer web part on, using an account that is a “Site Collection Administrator”. In this example I’ll use https://portal.2008r2.local.
  2. Click on the gear icon in the upper right-hand corner and select the “Site Settings” option
  3. Navigate to the “Site Collection Administration” section and click on the “Site collection features” link
  4. Click the “Activate” button next to the “ClaimsViewerWebPartFeature1” entry

Add Web Part to Page

Now that the feature is activated, the web part can be added to a page in the site. It can go on any page; for the purpose of this article we will place the web part on the main landing page.

  1. Click the “Page” tab on the ribbon bar
  2. Click the “Edit” button on the ribbon bar
  3. Click the “Insert” tab on the ribbon bar
  4. Click the “WebPart” button on the ribbon bar
  5. In the “Categories” section click on the “Custom” folder
  6. In the “Parts” section select the “ClaimsViewerWebPart – ClaimsVisualizer” entry and then click the “Add” button
  7. The web part is now added to the page. Click “Save” in the ribbon bar to commit the change.

Test Claims Viewer Web Part

The web part should now be displayed on the https://portal.2008r2.local site in its collapsed form. Click the + icon to expand the web part and view the contents of the SAML token for the logged-on user.

The display will be divided into two sections, “Issued Identity” and “SAML Token”. In the “Issued Identity” section the “namedidentifier” should display the logged-on user’s email address. There will also be several “Role” entries listing the roles that the logged-on user is a member of. The “emailaddress” and “role” claim entries are the values that can be used to assign permissions to objects on the site for that user.

One comment on “SharePoint 2013 and ADFS 2.0 Test with Claims Viewer Web Part”
  1. Dana Ellis says:

    Can this be used with SharePoint 2010? I have deployed it, but when trying to add it to the page I am getting an error that the web part is not registered as safe. I checked my web config and the safe control is there as True, and I also checked the GAC and it is registered there as safe as well.
